Reflecting on the Tandem 6530

A long time ago, in a galaxy far, far away…

Before I get too far into my article, I wanted to share a strange and wonderful case of déjà vu. Some of you may know that I worked in the networking department for a while and was there when we purchased an encryption company called Atalla in 1987. I had the job of installing a Tandem NonStop at Atalla and integrating them into the Tandem network.

Fast forward 30 years, and my current company, Micro Focus, now owns Atalla, along with the rest of what was once HPE software. Every couple of weeks I drive down 101 to visit the Moffitt Towers campus and have lunch with my old Tandem coworkers (hi Deb and TC!).

Now back to our story, which also started a long time ago, and far, far away from

Cupertino. Tandem opened up a design and manufacturing plant in Austin Texas, to develop and manufacture the 6530 terminal. The 6530 was a character- and block-mode terminal designed to replace the devices that Tandem OEM’d from a couple of different manufacturers.

Back in the day, the 6530 was pretty powerful compared to the competition. It had a backplane and one or more large-format circuit boards, one of which I think held a z80 processor, custom firmware, and memory. I seem to remember that the code name was Dragon, but I’m sure that readers will correct me on both of these possible facts.

The 6530 was well-suited to advanced Pathway applications because of the special characters which allowed basic graphics like tables.

And Here We Are

While the 6530 exists only in dusty closets and museums, the 6530 protocol lives on as one way to connect to an HP NonStop server. Yes, there are web servers and open systems protocols to connect to a NonStop server, but the console and hundreds of applications still require a 6530 connection.

Since there aren’t that many (if any) Tandem 6530’s actually in service, how does one make the connection? By using a 6530 terminal emulator of course! My company, Micro Focus, sells the Reflection Desktop for NonStop emulator, but there are a handful of other 6530 emulators on the market.

No matter what operating system they support, terminal emulators appear to be a “green screen” to the host by emulating the data stream that the host expects to see. The host may think it’s talking to a dumb terminal, but because the emulator is a full-fledged software application, there is so much more that it can do.

 Cross Platform

There are very few organizations which only run NonStop servers. Quite often they will be found alongside IBM zSystems and perhaps HP-UX or other Unix systems. If this is the case, organizations should strongly consider an emulator which provides a consistent user experience across host types. That is, users should have a similar experience whether connecting to and interacting with a mainframe, a Linux system, or a NonStop server–which lowers training costs and increases user productivity.

Emulators that can access, process, and display data from heterogeneous systems at the same time can create powerful new uses for legacy systems.

Feel the Power… Carefully

Some emulators support macros which can read the data stream and based on what it sees can then send additional keyboard commands as if the operator was typing. Other macros might perform editing or mathematical operations on data from multiple screens or even multiple hosts.

But macros are also dangerous if misused, since a rogue employee can write a macro that uses the next record and save to file operations in a loop to download an entire database to their PC.

Boost Your Security

The 6530 and its associated protocol had no security built in, and in fact, the login to Pathway applications needed to be built into the application by the programmer, along with its own Userid-type of file and software to manage it.

Using a 6530 emulator without additional security can prevent organizations from meeting current governmental or industry regulations which require TLS 1.2 encryption, SHA-2 hashing, and data masking required by the Payment Card Industry’s Data Security Standard (PCI DSS).

Since many organizations need to assess whether or not their emulator is certified for Windows 10, now might be a good time to check the security features in your emulator. For example, can you boost login security by adding multi-factor authentication, implement strong encryption between NonStop and PC, and can you prevent employees from creating rogue macros? And can you implement all of these without changing a line of code on the host side (or in the host application)? Am I the only one who has heard the stories about lost code for critical applications?

Even if you are not subject to government or industry regulations, implementing the latest security standards is just common sense to help mitigate hacking opportunities. And staying off of the front page for the wrong reasons is always goodness.

And Now a Word from Our Sponsor

Reflection is fully integrated with our Host Access Management and Security Server (MSS). Besides helping you to lock down your emulation environment, MSS also lets you extend your organization’s existing identity, authentication, and management system (IAM) to your mainframe and other host systems.

There are a large number of best practices implemented within the Micro Focus Reflection emulation family and I would like to share them with you so that you can use them to assess the security of your organization’s terminal emulator.

• Strong end-to-end encryption between the NonStop Server and the emulator is a given to prevent network sniffers from vacuuming up confidential data off of your network.
• Multi-factor authentication, including US government CAC cards, other smart cards, tokens, and even biometrics can help prevent the use of shared credentials or credential theft.
• “Step up authentication” can add additional login hurdles if something just doesn’t seem right, like using a PC that has not accessed the system before, or logging in from an unknown or suspect location.
• Being able to create custom NonStop emulator sessions and deploy them to end-users via automatic means allows you to enforce Separation of Duties and implement role-based access.
• Installing a security server in front of your NonStop server will block access by outsiders or rogue employees even if they download their own terminal emulator.

Summary

6530 access to the NonStop Server isn’t going away any time soon. Since organizations run critical applications on their NonStop Servers, it is important to secure them from unauthorized access and prevent network “sniffing” to grab confidential data in motion.

Whether organizations want it or not, Windows 10 is coming, which is another important reason to move to a modern, secure terminal emulator. And finally, you have to ensure that your terminal emulation environment is properly configured and that your users are prevented from making changes that can leave you open to hacking or, perhaps worse, allow them to steal critical information.

For More Information on Micro Focus terminal emulation:

• Host Access Management & Security Server :
  https://support2.microfocus.com/manuals/reflection.html?prod=MSS
• Micro Focus Advanced Authentication:
  https://www.attachmate.com/documentation/mss-12-4-u/mss-admin-guide/data/t43gq9rdkg83.htm
• Reflection Desktop for NonStop 16.0 release notes: https://support2.microfocus.com/techdocs/2821.html
• Reflection Desktop for NonStop 16.1 release notes: https://support2.microfocus.com/techdocs/2894.html

Ron LaPedis, a global enablement specialist at Micro Focus, is a prolific author, blogger, and speaker with more than 21 years of information security, business continuity, and emergency response experience. After 25 years with Hewlett Packard in various domestic and overseas positions, he worked for Citrix, NetApp, and most recently Sungard AS before joining Micro Focus to concentrate on identity, access, security and host connectivity. Ron holds several certifications including AFBCI, MBCP, CBCV, CISSP-ISSAP and ISSMP.